Privacy Policy.

This Policy applies to all personal data processed in connection with our bistro and food service activities — clients who order food and drinks, clients who request invoices, clients who order corporate catering on CNPJ, website visitors who make enquiries and any person whose data we process. Most clients consume at the bistro without any personal data being collected — an anonymous transaction is the default. Data is collected only when the client requests an invoice, places an advance order, or uses our WhatsApp ordering service.

• Anonymous walk-in (default): Most clients buy food and drinks at the bistro without any data being collected — cash or card payment, no prior order, no invoice request. Anonymous transaction by default. No data collected or retained.
• Invoice data (NF-e / NFC-e — when requested): CPF or CNPJ when the client requests a formal invoice — for corporate reimbursement, meal allowance, per diem documentation or personal records. Optional.
• Advance order data (WhatsApp / website): Name and WhatsApp number when placing an advance order or requesting a catering quote. Used only for that order.
• Corporate catering data (B2B): Company name, CNPJ, contact name, delivery address and order specification for institutional or corporate catering orders — government agencies, companies and organisations in Brasília that order in volume with CNPJ invoice.
• Dietary restrictions (when voluntarily shared): Allergies or dietary preferences shared for order customisation. Treated as health-related data (LGPD Art. 5º, II) — used only for that order and not retained.
• Website contact data: Name, WhatsApp and message when using the contact or catering enquiry form.
• Technical website data: IP address, browser type and pages visited.

• SEFAZ-DF / Receita Federal: NF-e or NFC-e with identification — electronic transmission. Anonymous transactions generate no personal data transmission.
• ICMS-DF bookkeeping: Sales data transmitted as required by SEFAZ-DF for retail food businesses in the Distrito Federal.
• VISA-DF / SES-DF: During food safety inspections — institutional data of the bistro is shared with the competent authority. Client personal data only under formal, documented legal requirement.
• PROCON-DF / Senacon: When required in consumer disputes under the CDC.
• Legal authorities: When required by court order or administrative authority.

Our operation is based in Núcleo Bandeirante, Brasília, DF. All client data is processed in Brazil. Tax records (NF-e) are processed exclusively in systems certified by the Receita Federal and SEFAZ-DF. Any communication platforms operating on international servers do so under the guarantees of Art. 33 of the LGPD.

• Anonymous walk-in transactions: No personal data collected or retained.
• Dietary restrictions: Not retained — used only for the preparation of that specific order and discarded.
• Advance order data (WhatsApp): Retained for 30 days after the order — to resolve any queries. Deleted thereafter.
• NF-e and NFC-e (ICMS-DF / SEFAZ-DF): Minimum 5 years as required by Brazilian federal and DF tax legislation.
• B2B corporate catering client data: Retained for the duration of the commercial relationship and for 5 years after the last invoice — consistent with tax retention requirements.
• Website contact data without order: Up to 3 months from the date of contact.
• Website analytics: Aggregated and anonymised after 12 months.

• Anonymous walk-in as the default — no data collected for clients who do not request invoices or advance orders;
• Dietary restrictions communicated verbally to the food preparation team — not stored in any system without consent;
• NF-e issued using a certified digital certificate (A1/A3) approved by the Receita Federal;
• WhatsApp order data handled with discretion — not shared within the team beyond what is necessary to fulfil the order;
• Website encrypted (HTTPS);
• Incident response procedures in accordance with LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy.
• Deletion (Art. 18, IV): Request deletion — subject to mandatory invoice retention (5 years under tax law). Order data without invoice can be deleted upon request.
• Reclamation to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days.

Our website may use cookies for essential functionality and aggregated performance analytics. We do not use behavioural tracking or advertising cookies. Cookie preferences can be managed through your browser settings.

Our food service is open to all ages — families with children are welcome. When an advance order or catering request is made by an adult including children, we process only the adult's data. We do not collect data from minors via the website. We do not serve alcoholic beverages and therefore the age restrictions of Lei nº 9.294/96 regarding alcohol sales do not apply to our bistro's core offering.

This Policy may be updated to reflect changes in our activities, in the LGPD, in ANPD guidance, in ANVISA or VISA-DF food safety regulations, or in the fiscal legislation of the Distrito Federal. Material changes will be communicated via our website.

All privacy requests should be directed to our Data Protection Officer (LGPD Art. 41):